[Python-Dev] Re: Capabilities
Sun, 9 Mar 2003 20:09:33 +0100
From: "Samuele Pedroni" <email@example.com>
> From: "Jim Fulton" <firstname.lastname@example.org>
> > For example, you can't proxy exceptions without
> > breaking exception handling. In Zope, we rely on restricted execution to
> > certian kinds of introspection on exceptions and exception classes. In
> > also don't proxy None, because None is usually checked for identity. We
> > proxy strings, and numbers.
> That was a question I was asking myself about proxies: exception handling.
> But I never had the time to play with it to check.
> Does that mean that restricted code can get unproxied instances of classic
> classes as caught exceptions?
maybe the question was unclear, but it was serious, what I was asking is
whether some restricted code can do:
deliberate code to force exception
so that e is caught unproxied. Looking at zope/security/_proxy.c it seems this
can be the case...
then to be (likely) on the safe side, all exception class definitions for
possible e classes: like e.g.
ought to be executed _in restricted mode_, or be "trivial/empty": something
def __init__(self, msg):
self.message = msg
is already too much rope.
Although it seems not to have the "nice" two-level-of-calls behavior of Bastion
instances, an unproxied instance of MyExc if MyExc was defined outside of
restricted execution, can be used to break out of restricted execution.